diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 56f8c27db1..df60443abe 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -428,6 +428,7 @@ ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md) #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) +#### [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md) #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) ## [Enterprise security guides](windows-10-enterprise-security-guides.md) ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md index 8ac1ba2c6b..5ba1e38a0b 100644 --- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md 
@@ -25,7 +25,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf > **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 Insider Preview Build 14332 or later. -1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): +1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Client onboarding** on the **Navigation pane**. 
@@ -52,13 +52,13 @@ For additional settings, see the [Additional configuration settings section](add ## Configure with System Center Configuration Manager -1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage_ConfigurationManager.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): +1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Client onboarding** on the **Navigation pane**. b. Select **System Center Configuration Manager**, click **Download package**, and save the .zip file. -2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATPOnboardingScript.cmd*. 3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. @@ -76,7 +76,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You a. Click **Client onboarding** on the **Navigation pane**. - b. Select **Manually on-board local machine**, click **Download package** and save the .zip file. + b. Select **Local Script**, click **Download package** and save the .zip file. 2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.cmd*. 
diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md new file mode 100644 index 0000000000..9eb59d5dc1 --- /dev/null +++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md 
@@ -0,0 +1,53 @@ +--- +title: Run a scan from the command line in Windows Defender in Windows 10 (Windows 10) +description: IT professionals can run a scan using the command line in Windows Defender in Windows 10. +keywords: scan, command line, mpcmdrun, defender +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: mjcaparas +--- + +# Run a Windows Defender scan from the command line + +**Applies to:** + +- Windows 10 + +IT professionals can use a command-line utility to run a Windows Defender scan. + +The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe_ + +This utility can be handy when you want to automate the use of Windows Defender. + +**To run a full system scan from the command line** + +1. Click **Start**, type **cmd**, and press **Enter**. +2. Navigate to _%ProgramFiles%\Windows Defender_ and enter the following command, and press **Enter**: + +``` +C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2 +``` +The full scan will start. When the scan completes, you'll see a message indicating that the scan is finished. + + +The utility also provides other commands that you can run: + +``` +MpCmdRun.exe [command] [-options] +``` + +Command | Description +:---|:--- +\- ? 
/ -h | Displays all available options for the tool +\-Scan [-ScanType #] [-File [-DisableRemediation] [-BootSectorScan]][-Timeout ] | Scans for malicious softare +\-Trace [-Grouping #] [-Level #]| Starts diagnostic tracing +\-GetFiles | Collects support information +\-RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures +\-AddDynamicSignature [-Path] | Loads a dyanmic signature +\-ListAllDynamicSignature [-Path] | Lists the loaded dynamic signatures +\-RemoveDynamicSignature [-SignatureSetID] | Removes a dynamic signature +\-EnableIntegrityServices | Enables integrity services +\-SubmitSamples | Submit all sample requests \ No newline at end of file diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 09251bb1f6..9199881438 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -38,7 +38,7 @@ If the endpoints aren't reporting correctly, you might need to check that the Wi **Check the onboarding state in Registry**: -1. Click **Start**, type **Run**, and press **Enter** +1. Click **Start**, type **Run**, and press **Enter**. 2. From the **Run** dialog box, type **regedit** and press **Enter**.
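Review bot: In configure-endpoints-windows-defender-advanced-threat-protection.md (hunk at -25,7), the GP step now names the download *WindowsDefenderATPOnboardingPackage.zip*, which is the same name the SCCM step uses in the next hunk. An administrator who downloads both packages can no longer tell them apart by file name. If the portal really serves both under one name, say so in the step and suggest saving each package to its own folder. Otherwise keep a distinguishing name per deployment method.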
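Review bot: In the SCCM section (hunk at -52,13), step 2 now extracts the .zip and names *WindowsDefenderATPOnboardingScript.cmd*, but the unchanged step 3 still says "Import the configuration package", so it is unclear whether the reader imports the extracted script or the original .zip. Step 3 should name the file to import. The same script name also appears in the manual onboarding section below, so state whether the two downloads contain the same script. Step 2 puts an onboarding script on a share, so it is also worth keeping the "read-only" wording prominent, since anyone who can modify that file controls what runs on every onboarded endpoint.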
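Review bot: In the new run-cmd-scan-windows-defender-for-windows-10.md, the step 2 example "C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2" uses an unquoted path with spaces, which cmd will not resolve as typed. Step 2 already has the reader navigate to the folder, so either show just "mpcmdrun.exe -scan -scantype 2" or put the full path in quotes. The location is also written two ways ("%Program Files%" in the intro, "%ProgramFiles%" in step 2), and only the second is a real environment variable. The intro sentence is missing its final period. In the table, "softare" and "dyanmic" are typos, "\- ?" has a stray space, "-Timeout" and "-File" have lost their argument placeholders, and nothing explains what the value 2 means for -ScanType even though the procedure relies on it. The file also ends without a trailing newline.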